Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Bandicam/bandicam.exe

windows7-x64

7

Bandicam/bandicam.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/D3...43.dll

windows7-x64

3

$SYSDIR/D3...43.dll

windows10-2004-x64

3

$SYSDIR/d3dx11_43.dll

windows7-x64

3

$SYSDIR/d3dx11_43.dll

windows10-2004-x64

3

$SYSDIR/vcomp140.dll

windows7-x64

3

$SYSDIR/vcomp140.dll

windows10-2004-x64

3

$TEMP/BDMP...UP.exe

windows7-x64

7

$TEMP/BDMP...UP.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$SYSDIR/bdmjpeg.dll

windows7-x64

3

$SYSDIR/bdmjpeg.dll

windows10-2004-x64

3

$SYSDIR/bdmjpeg64.dll

windows7-x64

1

$SYSDIR/bdmjpeg64.dll

windows10-2004-x64

1

$SYSDIR/bdmpega.dll

windows7-x64

3

$SYSDIR/bdmpega.dll

windows10-2004-x64

3

$SYSDIR/bdmpega64.dll

windows7-x64

1

$SYSDIR/bdmpega64.dll

windows10-2004-x64

1

$SYSDIR/bdmpegv.dll

windows7-x64

3

$SYSDIR/bdmpegv.dll

windows10-2004-x64

3

$SYSDIR/bdmpegv64.dll

windows7-x64

1

$SYSDIR/bdmpegv64.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    91s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/09/2024, 01:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bandicam/bandicam.exe

  • Size

    15.0MB

  • MD5

    86ddad2004ee165ab24b126272b29ce0

  • SHA1

    15cb513e1b7d5fd295a252aaf99c9ef199f7989b

  • SHA256

    21dfafc11d0c63ba11995bf206b9de297bc835dde6a13ebff445b0c762eb749f

  • SHA512

    ba8fc5f81ac8663256772970da2ac3bed9c81feb510a551b8a37a8dc70e13907976c2632aaea9f661df015a4a3c28469ab07121cd8bb50ceb3bff2c428ce6e01

  • SSDEEP

    393216:1EkkGawXGJo13+tMDOB71l07bxqeynPE02lyTQAMljj:1IGnXGGl+aDOBBlgwnPDjMljj

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bandicam\bandicam.exe
    "C:\Users\Admin\AppData\Local\Temp\Bandicam\bandicam.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsi690B.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    67d8f4d5acdb722e9cb7a99570b3ded1

    SHA1

    f4a729ba77332325ea4dbdeea98b579f501fd26f

    SHA256

    fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7

    SHA512

    03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi690B.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    410a586735f45164c86bda363ad8446f

    SHA1

    a68d18a8c72ffaa8f8d9ed9f76ea9b0ed397821b

    SHA256

    b15b1fc88d1b56088b2d3738d76772a91fa186a316a3e0a154358820d0fb9005

    SHA512

    d12083f67df132b2be57c202601a0cf82dba4c234910e780d2723aac14ae68407b824405b04737b55104bc97750550a3271a944d647661b067ce134075e6cc2a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi690B.tmp\System.dll
    Filesize

    11KB

    MD5

    959ea64598b9a3e494c00e8fa793be7e

    SHA1

    40f284a3b92c2f04b1038def79579d4b3d066ee0

    SHA256

    03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    SHA512

    5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi690B.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    d16e06c5de8fb8213a0464568ed9852f

    SHA1

    d063690dc0d2c824f714acb5c4bcede3aa193f03

    SHA256

    728472ba312ae8af7f30d758ab473e0772477a68fcd1d2d547dafe6d8800d531

    SHA512

    60502bb65d91a1a895f38bd0f070738152af58ffa4ac80bac3954aa8aad9fda9666e773988cbd00ce4741d2454bf5f2e0474ce8ea18cfe863ec4c36d09d1e27a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi690B.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    8ac4cd2cd532d963558b61109c03ff75

    SHA1

    8ca3e2bece85f61ccce23c5614aafefa9c2b8697

    SHA256

    6a49bdd82f43e4600bf478165dd2c8a81298d0841b8e5690710ff51eebd249df

    SHA512

    1a5aef2001d93c71fb4e6bbc7159cb23ca0013de6aa04be72e89b2d52c1500bd20bc9484bf440263e47e6ee5a8d2a1c8c4ff04ae47d9795962929540e4122179

    Download Submit